author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-05-02 15:56:25 +0000 |
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-05-02 15:56:25 +0000 |
commit | 147e154ab698cd778a33236829a9cb448b2abb37 (patch) | |
tree | 5d4a13dce5a431b23a814a400dfe4a739aacc3a5 | |
parent | 46e848834ff982a14da072445fcbdda82c9475e2 (diff) | |
download | gnutls-147e154ab698cd778a33236829a9cb448b2abb37.tar.gz |
cleanups... and more modular design.
-rw-r--r-- | lib/auth_anon.c | 31 | ||||
-rw-r--r-- | lib/gnutls_algorithms.c | 88 | ||||
-rw-r--r-- | lib/gnutls_algorithms.h | 8 | ||||
-rw-r--r-- | lib/gnutls_kx.c | 7 |
4 files changed, 88 insertions, 46 deletions
diff --git a/lib/auth_anon.c b/lib/auth_anon.c index 71e2708f6a..53f8c8f2f6 100644 --- a/lib/auth_anon.c +++ b/lib/auth_anon.c @@ -28,26 +28,20 @@ int gen_anon_client_kx( GNUTLS_KEY, opaque**); int proc_anon_server_kx( GNUTLS_KEY, opaque*, int); int proc_anon_client_kx( GNUTLS_KEY, opaque*, int); -int gen_anon_client_cert_vrfy( GNUTLS_KEY, opaque**); -int proc_anon_client_cert_vrfy( GNUTLS_KEY, opaque*, int); - -int gen_anon_server_cert_vrfy( GNUTLS_KEY, opaque**); -int proc_anon_server_cert_vrfy( GNUTLS_KEY, opaque*, int); - MOD_AUTH_STRUCT anon_auth_struct = { "ANON", gen_anon_server_kx, NULL, NULL, gen_anon_client_kx, - gen_anon_client_cert_vrfy, - gen_anon_server_cert_vrfy, + NULL, + NULL, proc_anon_server_kx, NULL, NULL, proc_anon_client_kx, - proc_anon_client_cert_vrfy, - proc_anon_server_cert_vrfy + NULL, + NULL }; int gen_anon_server_kx( GNUTLS_KEY key, opaque** data) { @@ -241,20 +235,3 @@ int proc_anon_client_kx( GNUTLS_KEY key, opaque* data, int data_size) { return 0; } - -int gen_anon_client_cert_vrfy( GNUTLS_KEY key, opaque** data) { - (*data) = NULL; - return 0; -} -int gen_anon_server_cert_vrfy( GNUTLS_KEY key, opaque** data) { - (*data) = NULL; - return 0; -} -int proc_anon_client_cert_vrfy( GNUTLS_KEY key, opaque* data, int data_size) { - /* no certificate check in anonymous KX */ - return 0; -} -int proc_anon_server_cert_vrfy( GNUTLS_KEY key, opaque* data, int data_size) { - /* no certificate check in this algorithm */ - return 0; -} diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c index affd0bbc64..6c75ac3971 100644 --- a/lib/gnutls_algorithms.c +++ b/lib/gnutls_algorithms.c 
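Review bot: The four cert_vrfy slots of anon_auth_struct now hold NULL where they used to hold no-op stubs, so every caller that invokes those MOD_AUTH_STRUCT members has to test the pointer before the call; the only guard this commit adds is the one in _gnutls_send_client_certificate_verify, and the server-side processing of a received CertificateVerify is not in the diff, so it may now dereference NULL for anonymous suites. Worth confirming those call sites before relying on NULL as the "not supported" marker, or keeping the stubs until they are guarded. A short comment in the initializer would record the new contract, e.g. `/* NULL: anonymous KX has no CertificateVerify step, callers must check */`.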
@@ -139,17 +139,13 @@ static gnutls_compression_entry compression_algorithms[] = { /* Key Exchange Section */ -#define GNUTLS_KX_ALGO_ENTRY(name, server_cert, server_kx, server_kx2, client_kx, client_kx0, client_cert, RSA_premaster, DH_public_value, auth_struct) \ - { #name, name, server_cert, server_kx, server_kx2, client_kx, client_kx0, client_cert, RSA_premaster, DH_public_value, auth_struct } +#define GNUTLS_KX_ALGO_ENTRY(name, server_cert, client_cert, RSA_premaster, DH_public_value, auth_struct) \ + { #name, name, server_cert, client_cert, RSA_premaster, DH_public_value, auth_struct } struct gnutls_kx_algo_entry { char *name; KXAlgorithm algorithm; int server_cert; - int server_kx; - int server_kx2; - int client_kx; - int client_kx0; int client_cert; int RSA_premaster; int DH_public_value; @@ -158,13 +154,13 @@ struct gnutls_kx_algo_entry { typedef struct gnutls_kx_algo_entry gnutls_kx_algo_entry; static gnutls_kx_algo_entry kx_algorithms[] = { - GNUTLS_KX_ALGO_ENTRY(GNUTLS_KX_ANON_DH, 0, 1, 0, 1, 0, 0, 0, 1, &anon_auth_struct), - GNUTLS_KX_ALGO_ENTRY(GNUTLS_KX_RSA, 1, 0, 0, 1, 0, 1, 1, 0, NULL), - GNUTLS_KX_ALGO_ENTRY(GNUTLS_KX_DHE_DSS, 1, 1, 0, 1, 0, 1, 0, 0, &dhe_dss_auth_struct), - GNUTLS_KX_ALGO_ENTRY(GNUTLS_KX_DHE_RSA, 1, 1, 0, 1, 0, 1, 0, 0, NULL), - GNUTLS_KX_ALGO_ENTRY(GNUTLS_KX_DH_DSS, 1, 0, 0, 1, 0, 1, 0, 0, NULL), - GNUTLS_KX_ALGO_ENTRY(GNUTLS_KX_DH_RSA, 1, 0, 0, 1, 0, 1, 0, 0, NULL), -// GNUTLS_KX_ALGO_ENTRY(GNUTLS_KX_SRP, 0, 1, 1, 0, 1, 0, 0, 0, &srp_auth_struct), + GNUTLS_KX_ALGO_ENTRY(GNUTLS_KX_ANON_DH, 0, 0, 0, 1, &anon_auth_struct), + GNUTLS_KX_ALGO_ENTRY(GNUTLS_KX_RSA, 1, 1, 1, 0, NULL), + GNUTLS_KX_ALGO_ENTRY(GNUTLS_KX_DHE_DSS, 1, 1, 0, 0, &dhe_dss_auth_struct), + GNUTLS_KX_ALGO_ENTRY(GNUTLS_KX_DHE_RSA, 1, 1, 0, 0, NULL), + GNUTLS_KX_ALGO_ENTRY(GNUTLS_KX_DH_DSS, 1, 1, 0, 0, NULL), + GNUTLS_KX_ALGO_ENTRY(GNUTLS_KX_DH_RSA, 1, 1, 0, 0, NULL), +// GNUTLS_KX_ALGO_ENTRY(GNUTLS_KX_SRP, 0, 0, 0, 0, &srp_auth_struct), {0} }; 
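Review bot: With four columns removed, each kx_algorithms row is now a run of bare 0/1 flags whose meaning is only recoverable from the macro parameter list above; a column-order comment directly over the table would make the rows readable, e.g. `/* name, server_cert, client_cert, RSA_premaster, DH_public_value, auth_struct */`. Note that the GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_DH_DSS and GNUTLS_KX_DH_RSA rows keep a NULL auth_struct, and the rewritten query functions later in this file now read capability through that pointer, so the dropped server_kx/client_kx information for those algorithms is no longer expressed anywhere in the table.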
@@ -569,8 +565,14 @@ inline int _gnutls_kx_priority(GNUTLS_STATE state, KXAlgorithm algorithm) int _gnutls_kx_server_key_exchange(KXAlgorithm algorithm) { size_t ret = 0; + void* ret2=NULL; + + /* if the auth algorithm does not have a null value + * for the kx2 generation then it supports it! + */ + GNUTLS_KX_ALG_LOOP(ret2 = p->auth_struct->gnutls_generate_server_kx); + if (ret2!=NULL) ret = 1; - GNUTLS_KX_ALG_LOOP(ret = p->server_kx); return ret; } @@ -578,8 +580,14 @@ int _gnutls_kx_server_key_exchange(KXAlgorithm algorithm) int _gnutls_kx_server_key_exchange2(KXAlgorithm algorithm) { size_t ret = 0; - - GNUTLS_KX_ALG_LOOP(ret = p->server_kx2); + void* ret2=NULL; + + /* if the auth algorithm does not have a null value + * for the kx2 generation then it supports it! + */ + GNUTLS_KX_ALG_LOOP(ret2 = p->auth_struct->gnutls_generate_server_kx2); + if (ret2!=NULL) ret = 1; + return ret; } 
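Review bot: `GNUTLS_KX_ALG_LOOP(ret2 = p->auth_struct->gnutls_generate_server_kx);` dereferences p->auth_struct unconditionally, but the kx_algorithms table in this same commit stores NULL in that slot for GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_DH_DSS and GNUTLS_KX_DH_RSA, so querying any of them is a NULL dereference unless GNUTLS_KX_ALG_LOOP (not shown here) skips such entries. Before this change the answer came from a plain int column (the old RSA row had client_kx = 1), so the result for those algorithms silently changes as well as becoming unsafe. The same pattern appears in _gnutls_kx_server_key_exchange2 below and in _gnutls_kx_client_key_exchange0, _gnutls_kx_client_key_exchange, _gnutls_kx_client_cert_vrfy and _gnutls_kx_server_cert_vrfy in the next hunk; each should guard the pointer, e.g. `GNUTLS_KX_ALG_LOOP(ret2 = p->auth_struct ? p->auth_struct->gnutls_generate_server_kx : NULL);`. Minor: ret is a size_t returned through an int, and the comment in _gnutls_kx_server_key_exchange says "kx2" although it inspects the kx member.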
@@ -587,16 +595,58 @@ int _gnutls_kx_server_key_exchange2(KXAlgorithm algorithm) int _gnutls_kx_client_key_exchange0(KXAlgorithm algorithm) { size_t ret = 0; - - GNUTLS_KX_ALG_LOOP(ret = p->client_kx0); + void* ret2=NULL; + + /* if the auth algorithm does not have a null value + * for the kx0 generation then it supports it! + */ + GNUTLS_KX_ALG_LOOP(ret2 = p->auth_struct->gnutls_process_client_kx0); + if (ret2!=NULL) ret = 1; + return ret; } int _gnutls_kx_client_key_exchange(KXAlgorithm algorithm) { size_t ret = 0; + void* ret2=NULL; + + /* if the auth algorithm does not have a null value + * for the kx0 generation then it supports it! + */ + GNUTLS_KX_ALG_LOOP(ret2 = p->auth_struct->gnutls_process_client_kx); + if (ret2!=NULL) ret = 1; + return ret; + +} + + +int _gnutls_kx_client_cert_vrfy(KXAlgorithm algorithm) +{ + size_t ret = 0; + void* ret2=NULL; + + /* if the auth algorithm does not have a null value + * for the cert_vrfy function then it supports it! + */ + GNUTLS_KX_ALG_LOOP(ret2 = p->auth_struct->gnutls_generate_client_cert_vrfy); + if (ret2!=NULL) ret = 1; + + return ret; - GNUTLS_KX_ALG_LOOP(ret = p->server_kx); +} + +int _gnutls_kx_server_cert_vrfy(KXAlgorithm algorithm) +{ + size_t ret = 0; + void* ret2=NULL; + + /* if the auth algorithm does not have a null value + * for the cert_vrfy function then it supports it! + */ + GNUTLS_KX_ALG_LOOP(ret2 = p->auth_struct->gnutls_generate_server_cert_vrfy); + if (ret2!=NULL) ret = 1; + return ret; } diff --git a/lib/gnutls_algorithms.h b/lib/gnutls_algorithms.h index 2e12002964..6a5673dae2 100644 --- a/lib/gnutls_algorithms.h +++ b/lib/gnutls_algorithms.h 
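Review bot: The comment in _gnutls_kx_client_key_exchange says "kx0 generation" while the member read is gnutls_process_client_kx, and the kx0 function's comment likewise says "generation" for gnutls_process_client_kx0; suggest `/* supported iff the auth module provides a client-kx processing function */` (and the kx0 equivalent) so the comment names what is actually tested. These four queries each look at one side of a step only (the process_ pointer for client kx, the generate_ pointer for cert_vrfy), so a MOD_AUTH_STRUCT that fills one pointer but not its counterpart would be reported as supported and still hit a NULL call on the other side; if the struct is meant to be filled all-or-nothing per step, that rule belongs in a comment on MOD_AUTH_STRUCT, which is not in this diff. Blank-line layout also differs between the four new bodies (only _gnutls_kx_client_cert_vrfy has a blank before return ret;), which is worth normalising since they are otherwise identical.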
@@ -59,13 +59,21 @@ char *_gnutls_cipher_get_name(BulkCipherAlgorithm algorithm); /* functions for key exchange */ int _gnutls_kx_priority(GNUTLS_STATE state, KXAlgorithm algorithm); int _gnutls_kx_server_certificate(KXAlgorithm algorithm); + +/* key exchange */ int _gnutls_kx_server_key_exchange(KXAlgorithm algorithm); int _gnutls_kx_server_key_exchange2(KXAlgorithm algorithm); int _gnutls_kx_client_key_exchange(KXAlgorithm algorithm); int _gnutls_kx_client_key_exchange0(KXAlgorithm algorithm); +/* client certificate */ int _gnutls_kx_client_certificate(KXAlgorithm algorithm); int _gnutls_kx_RSA_premaster(KXAlgorithm algorithm); int _gnutls_kx_DH_public_value(KXAlgorithm algorithm); + +/* cert vrfy */ +int _gnutls_kx_client_cert_vrfy(KXAlgorithm algorithm); +int _gnutls_kx_server_cert_vrfy(KXAlgorithm algorithm); + MOD_AUTH_STRUCT * _gnutls_kx_auth_struct(KXAlgorithm algorithm); char *_gnutls_kx_get_name(KXAlgorithm algorithm); int _gnutls_kx_is_ok(KXAlgorithm algorithm); diff --git a/lib/gnutls_kx.c b/lib/gnutls_kx.c index db184331b7..33a01c0b23 100644 --- a/lib/gnutls_kx.c +++ b/lib/gnutls_kx.c @@ -236,10 +236,17 @@ int _gnutls_send_client_certificate_verify(int cd, GNUTLS_STATE state) uint8 *data; int ret = 0; int data_size; + KXAlgorithm algorithm = + _gnutls_cipher_suite_get_kx_algo + (state->gnutls_internals.current_cipher_suite); /* if certificate verify is not needed just exit */ if (state->gnutls_internals.certificate_verify_needed==0) return 0; + if (_gnutls_kx_client_cert_vrfy(algorithm)==0) { + return 0; /* this algorithm does not support cli_cert_vrfy */ + } + #ifdef HARD_DEBUG fprintf(stderr, "Sending client certificate verify message\n"); #endif |
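Review bot: `if (_gnutls_kx_client_cert_vrfy(algorithm)==0) { return 0; }` folds two different situations into a silent success: the kx algorithm genuinely having no CertificateVerify step, and algorithm not being found in kx_algorithms at all (the query functions start from ret = 0 and presumably return it untouched when no row matches). This path is only reached when certificate_verify_needed is set, i.e. the peer asked for the message, so skipping it without a trace is likely to resurface as an opaque handshake failure; consider failing for the unknown-algorithm case, or at least reporting under HARD_DEBUG, e.g. `fprintf(stderr, "CertificateVerify skipped: kx algorithm has no generator\n");`. _gnutls_send_client_certificate_verify continues outside the hunk.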